* Posts by Hans Blick

24 posts • joined 14 May 2015

'Coding' cockup blamed for NHS cough-up of confidential info against patients' wishes

Hans Blick

...shared with research companies and clinical audits

So who are these research companies and clinical audits providers? I'd like to see a list of companies that TPP have shared the information with. GDPR makes a distinction between the data Controller and Processor in the relationship of data, typically we'd expect the NHS to be the data Controller and TPP as the data Processor... but I bet that TPP has registered as a Controller to decide the means and purpose of the data. Time to get the Subject Access Requests into them to find out who they've shared your data with - probably every insurance and pharmaceutical company out there paying silk road rates for your data!

Social networks have already violated the spirit of GDPR

Hans Blick

data privacy for dummies

The way I like to think of Facebook data privacy is as follows...

Imagine someone gives you a glass of normal tap water to drink but in a funky glass, really cool and makes your friends all want the same glass. Unfortunately, using single atoms as letters, written under a fold in a crack in the base of the glass are the T&Cs that signify consent to the service that I sell of kicking the water drinkers (or "winkers" aka "the client") in the balls with size 14 steel toe-capped builders boots. For a princely fee, I reserve the right to "outsource" such a task to my "tranquil hugging user gatherings" (or "thug(s)" aka "network of affiliates") at a time and place of my choosing.

You can keep using the really cool and funky glass as long as I keep getting to sell my service of kicking your gonads into the 18th century to random strangers... sound like a fair deal?

Now a regulation comes along that says that I have to tell you that you "may" or "will" end up with a kick in the gonads in exchange for my glass, how unfair is that!

The question really is, why does gonads sound like it should be hyphenated?

How 'parasitic' Google's 'We're journalists!' court defence was stamped into oblivion

Hans Blick

me thinks something is afoot!

Why go with a defense of a journalistic organisation? What other options do they have and what would they have been? What's the long game that Google are playing in the legal field... is it to try and keep their sandbox from being regulated beyond what GDPR asks the ICO to do?

I'm sure some of the finest conspiracy theory minds here could come up with a plausible theory....

1.5 BEEELLION sensitive files found exposed online dwarf Panama Papers leak

Hans Blick

Re: Just goes to prove

It's actually the other way around. It just goes to show that a lot of firms couldn't be bothered to be compliant with existing data regulations as they had no teeth. The software used for data storage for most SMEs has been marketed as being compliant but the implementation of said products and services has never been done.

There's a difference between good information governance and the just keep everything attitude.

If I ask and borrow your car and use it for the weekend, drive it back on Monday morning with a full tank with no damage, happy days! If you found out that I'd taken a copy of your keys just in case I needed to borrow it again, you'd be pretty pissed and call the police.

So why do you believe that an SME (or any firm) should have the right to hold data beyond their legal or regulatory terms?

Austrian privacy chief handed leash to EU's data protection beast

Hans Blick

and if all else fails...

...there's always the international laws etc that will allow judges in foreign courts to produce summons on data that exists in Europe and then look to deport people to foreign courts to try them. In theory it works both ways, expect to see a lot of other countries prescribing to the same set of rules to protect their own national interests. Also, as a "foreign" firm post Brexit, which EU country will a firm choose to be represented from if they choose to sell goods/services into Europe, therefore you've accepted the risk to do business in Europe. Either way, companies are caught by the short and curlies, time to make sure your big expensive "legal" guns are fully loaded if you're going to fuck about with this, I'm sure some of the European DPAs would be happy to put a few size 12's into a few British companies to protect their own local interests, and vice versa.

Oracle rival chides UK councils for pricey database indulgence

Hans Blick

I'm not out to defend Oracle but...

the honeypot that Oracle has found is not that the price of their software is through the roof, they've been able to identify the right people in most businesses that have nothing to do with the Oracle software but pay the bills. Oracle database is a very good product, otherwise we wouldn't all be whinging about the price of it. Some of the things we have identified are that even though Oracle will provide you with the licensing you need for a project, you really have to understand their licensing model and the cost of all the Oracle environments in your business. Don't be afraid to tell the Oracle auditors and sales people to fuck off. If you're really stuck and Oracle has you by the balls, get in a license specialist to go through your environment and recommend the lowest cost models that are out there. If you can challenge Oracle on every single point in the audit then they soon want to settle as you've created more hassle and work than they'd anticipated. It's the same tactic that all the big software vendors use, Oracle is no exception.

If you take one point from my rant, then it's look at the license models they have (including what's new) and negotiate hard and dirty. At the end of the day, you're employed to keep the money in the company and not in the pocket of the vendors. Deal with them as if you're being asked to stick your bleeding hand in a tank full of piranhas and asked to trust them not to bite.

I've been through Oracle audits, remember that Oracle are a big sales company and the sales people hate each other, think big and get regional offices or sales partners to quote as that really pisses them off. I had an Auditor in Oracle tell me I was a bastard and it was low down tricks I'd pulled after his "sale" fell through and I got the same licenses for half the price from another region. Let them play hardball, just be playing a ducking different game that they didn't even know they're part of! Your vendors don't pay your bonus.

Coat, keys, CTRL-ALT-DEL, pub!

No wallet as the Director's buying!

Slacking off? ICO probe throws up concerns over instant messaging

Hans Blick

Archive and export Slack...

... we do that using Hanzo Archive (www.hanzo.co). Been round for ages!

IBM's SoftLayer is having a meltdown – and customers aren't happy

Hans Blick

Re: Thank you for calling IBM technical support.

hmmm.... no mention of the word cognitive or Watson in the menu, that's what must be wrong!

Microsoft: We're hiking UK cloud prices 22%. Stop whining – it's the Brexit

Hans Blick

Re: UK is doomed!!!

Well done if you run Linux. So do I. You're delusional if you think it will be the year of Linux on the consumer or corporate desktop any time soon though....

Seems to be working well for IBM, now with the biggest corporate deployment in the world and paying less in support costs...

IBM: Yes, it's true. We leaned on researchers to censor exploit info

Hans Blick

Q3 earnings announcement

...probably more related to how close this negative press is to their Q3 earnings announcement...

That UK law that'll share Brits' private info among govt departments? Yeah, that'll need oversight

Hans Blick

Brilliant idea (if you can keep off this register)

So a quick scan of the bill under Chapter 5 Part 1 on Public Service Delivery gives me...

(8) The first condition is that the objective has as its purpose—

(a) the improvement or targeting of a public service provided to individuals or households, or

(b) the facilitation of the provision of a benefit (whether or not financial) to individuals or households.

(9) The second condition is that the objective has as its purpose the improvement of the well-being of individuals or households.

(10) The reference in subsection (9) to the well-being of individuals or households

(a) their physical and mental health and emotional well-being,

(b) the contribution made by them to society, and

(c) their social and economic well-being.

Translating this from "NewSpeak", it probably means that when your profile is sold by our fictional character "Benny", the "dedicated" worker in the office with a partial crack habit (partial meaning that his wages do not allow him to partake in his hobby as often as he'd like), he now can peruse your data to establish your profile to see if he and his associates can liberate your "unwanted" items from your household (based on social and economic well-being and contribution made to society), combine that tasty piece of financial information with the physical/mental/emotional well-being would give, overall, an excellent list of prime properties in which to get their filthy scheming hands on and raid everything that isn't bolted down.

I may be over-exaggerating but I haven't got to the part of the document about the proposed controls and traceability on the data, nor do I expect to.

ICO boss calls for EU-style data protection rules post-Brexit

Hans Blick

Re: Lobbying starts now

"T May will want to weaken Data Protection, allow her spymasters to do what they want."

Her spymasters are already exempt, no need to weaken it.

I personally look at the GDPR that the ICO need to push through as having a mix of ISO27001/ 27002/ 27005/ SSAE 16 Type 2 reporting, and add in a generous dash of chilli powder.

If your systems are so bad that you know they will fail the general principles of security and privacy, then you shouldn't have client data and be banned from touching client data. Anyone peddling crap software systems and won't update them, good luck in selling that after May 2018. I'm pretty sure the legal companies will be warming up their engines if they can get a chunk of a 4% fine against a big corporate for non compliance, it makes no sense in the ICO doing the work when we already have an ediscovery economy who can pick up the work. The ICO can pass out the budget between the law firms, the legal services companies and when they win the GDPR cases, make the model self funding and point them at Europe and the rest of the world.

Don't let banks fool you, the blockchain really does have other uses

Hans Blick

block chain for property sales

should be as default for the buying and selling of property, so away with at least half of the search fees and other legal BS fees...

And! it! begins! Yahoo! sued! over! ultra-hack! of! 500m! accounts!

Hans Blick

and the money goes to...

probably better if they (hooYa!) just give some money to charity and shut down their operations, what Joe Public get out of it at the back isn't worth a class action (real damages? Who actually uses hooYa! for anything but spam emails?)

hooYa! as that's what Ms Mayer is probably saying as she rides the company mechanical bull in the executive suite with the Verizon deal on the table! Not exactly an Autonomy moment but close :)

UK membership of Council of Europe has implications for data protection after Brexit

Hans Blick

IMHO GDPR would probably be the best bet for the UK to comply with as it also protects the data travelling into Europe, not just what is just coming into the UK (and potentially make a new revenue stream for ICO to be self funding). PrivacyShield is a compromise between a "rock" and "hard place" that doesn't help either case - no doubt there will be a further legal challenge to it down the line.

How a Brexit could stop UK biz and Europe swapping personal data

Hans Blick

it's probably nothing but....

...nothing like a good old debt clock to see how the economy is ticking over....



Public debt to GDP ratio: 87.60026% (not bad in comparison to rest of EU)

Surplus/Deficit (+/−) to GDP ratio: 4.0742% (giving Spain (99% ratio)/ Denmark (38% ratio) a run for their money)

ICO fined cold-call firm £350k – so directors put it into liquidation

Hans Blick

Anyone for GDPR?

So folks, for those of you who aren't aware, the law looks like it's going to change in Euroland this Spring with the final votes on the General Data Protection Register for all EU citizens. Since the Google Spain case, the law in the back end of all this is getting an overhaul and becoming a Regulation (read as no need to vote into Parliament) that has a 20 million Euro knuckle sandwich at the end of it... or if it's a global entity then it's up to 4% of their annual turnover.

Whilst it may be a pain in the testicles at this moment to see companies like this escaping the law by dissolving the company down, in about 2 years time you, yes you, will get the chance to be able to write to such companies and ask them the sweet sweet question of "What data do you hold on me?" and "As there is no contract between myself and your company for my personal data, please delete all data from all locations of said personal data; including, as the company has acted as a data controller, all 3rd party entities that the data has been sold to, ensuring that all the locations of the data are firstly recorded (and evidence to show it) and then deleted in a non recoverable fashion."

A couple of those coming in per day should throw a spanner in the works of companies like this, the ICO will be forced to dole out the fines and then take appropriate auditing steps to ensure that the company has done what it has been asked to otherwise there should be another 20 million Euro fine (I'd assume that cold calling companies are about to have a bad case of "non-profit-isus" leading to "windup-itus").

So, I hear you ask, what's so special about this... They close down, they start up again and the calls begin again... Absolutely this will happen, it's in the nature of stupidity to do such things, but as the new "company" doesn't have any contractual relationship with you and therefore doesn't have the right to hold your personal data, the ICO will have to keep getting involved until it comes to the conclusion it's going to be cheaper to enforce on the directors the maximum penalties so that all the other cold calling companies get the message (either that or a couple of goons to offer the director his very own high speed brick-testicle-brick sandwich with no mayo).

Personally I'm looking forward to every single spam email that I get from the companies I've unregistered the marketing from and keep getting spammed. I hope the ICO has thought ahead as when this kicks off there should be about 64.1 million people in the UK writing letters/emails/logging requests with every single company out there that they'll have to track and respond to.

And for those with a political slant thinking we'll (UK) "Brexit" and not care - it's based on the right of an EU citizen to their data, and applies no matter where that data is held in the world, so no matter where the company is registered from they must comply with the request (since a lot of the international penalty mechanisms already exist due to financial regulations).

So howdy doodie world, delete my data*!

(*Rinse and repeat every Friday between lunchtime beers and clock out time - just for shits and giggles!)

PETA monkey selfie lawsuit threatens wildlife photography, warns snapper at heart of row

Hans Blick

Re: Joke suit

I think you mean Wile E. Coyote...

Hans Blick

Re: The day a monkey decides to bring its own lawsuit

Why not have the photographer (or their proxy) go back to the monkey troop and, on camera, offer them a few boxes of bananas/local fruit in exchange of "payment" for the photo. They can accept the criteria bananas/ local fruit by eating it or, vice versa, by not accepting the payment by not eating it...

That sounds as logical as PETA representing the monkey's rights and the monkey gets a payment for its services (bananas/local fruit).

Myself, I'm going to a local farm and provide legal services to cattle (or even crocodiles in Australia) ready to be slaughtered by offering them suitable food for my services that I can sue anyone who causes them harm/death/etc should that logically befall them. Once I can sue the offending parties I will "hold" the funds on behalf of the dead animals... and buy a big yacht... :)

UK.gov makes total pig's ear of attempt to legalise home CD ripping

Hans Blick

problem of usage license rather than format

So the artist creates the music but as they're piss poor broke they rely on an advance from a music company to get them advertising and pay for their living, in which case the music industry takes quite a large slice of the pie. The music company is funded by shareholders who all want a share of the profit as that's why they put the money in the business in the first place. Once the music is created, the format for the master is cut and that becomes the golden source. The music company has to recoup their costs and sell the product. Ideally, they would like to sell the same thing multiple times to the same person to maximize the revenue and potentially have a big slush fund. The problem is the format and security on the format is "easily" (with the right tools) intercepted and converted into something else. As the internet is essentially the Wild West, jurisdiction of it is impossible and ends up at a country's/union's "borders".

If the music company could lock down the format to be only played by one device they would, this has probably been tried and failed in the past - essentially the People (or the Plebs if you're a Roman (pleb being a free citizen of plebeian status rather than slave and so had rights)) do not like to be told what they can do with something that they have bought the rights to listen to/watch/use and so will convert/subvert it to their own use.

The government owes a duty of care to its people but also to the companies that may/may not pay Tax to them (depending on how good their accountants are). The theory is that the goods sold have a level of taxation that is collected by the Revenue Office and are for the good of the social aspect of the country. The reality is that the tax collected may find its way back to the pocket of the music company due to a variety of schemes that are employed to minimize the tax profile of a company (for the benefit of the shareholders).

So the problem ends up that the music company believes that they are being ripped off on their products and hence needs the government to intervene so that in the long run, their theory is that they can pay more Tax and so help the country. The reality is that the Plebs don't like to pay twice for the same thing and so will "challenge" any formats that limit their ability to enjoy their goods/services. The music company calls this piracy and every person who is involved in it is helping fund terrorism/etc whereas in reality, probably 99.9% of the Plebs listen to it for 3 months and then move on to something else. Even with a ripped CD, there's probably about 30% of music worth listening to and the other 70% is listened to once and then skipped - or it never makes the favorite playlist.

Streaming companies have stepped into the gap so that the Plebs can listen to their favorite music, endure a few ads as they don't want to pay for it, and if they really do they can purchase a digital format that can be centralized and shared among their many devices.

The music company revenue model accounts for sales and not for other digital services that they could make revenue from - hence their drop in traditional markets and the perceived lower total revenue sales in digital than what they believe they are due (if a traditional model was applied). The Plebs are loyal to the Artist and not the music company as they are perceived as not having a value add and being greedy in terms of the slice of the pie they believe they are entitled to.

So... to cut to the chase, if the music company had actually marketed itself to its customers rather than just the artist, they may actually have some support from the Plebs. As they are seen as trying to stifle the market and introduce barriers/limits to entry to the music industry, transactions/sales, and overall crying "Wolf" with a "poor me" attitude, the Plebs have moved on and don't give a flying monkeys about them - they love their Spotify/[insert streaming music supplier here]/etc as that's what's being marketed to them.

So how does a company get loyalty from their customers... they should probably go talk to Apple marketing, take notes and not indulge in the after meeting drinks.

Now.. where's my vodka...

Rosetta spots potholes IN SPAAACE: Someone call the galactic council

Hans Blick

free lift to the edge of the comet's trajectory anyone?

Interesting but I'm pretty sure we have the capability of sticking a deep space probe into a tube and navigate the tube into one of these holes... send a probe out to the edge of the comet's route and launch the probe out with an ion engine....

Or stick a load of solar powered signal repeaters in a tube and as the comet shoots off to the edge of the galaxy deploy them to build up a really big deep space relay network/monitoring points/ cameras etc?

FBI probe physical intrusions into Californian internet cables

Hans Blick

sleight of hand

As a member of the paranoid delusional and dysfunctional dedicated deadbeats, I wonder if there's a sleight of hand going on here - as all good magic tricks go!

Simply cut cables at random places to send traffic into their backup routes whilst installing something else on the same cable at an earlier junction on the cable - no one knows any better until the cable is restored and traffic is resumed as normal....

Or have the backup routes already hacked and monitored and now to finish the job on the primary fibres...

Tin hat in my tin coat in my tin car in my tin garage all under a faraday cage (made of tin).

'Right to be forgotten' festers as ICO and Google come to blows

Hans Blick

Right to be forgotten... right to erasure.. EU Directive 95/46/EU

This is the tip of the iceberg in terms of data protection, having Google or any other data aggregator delete links to obscure or dated articles or links means that they have to have a mechanism to manage their content, which they probably do as they provide personalised targeted advertisements.

The real elephant in the room is the EU Directive 95/46/EU which means that any company who holds data on European citizens needs to get their act cleaned up and make sure that they are not over retaining old customer data. Ratification is within the next 3 months and in enforcement about a year after that.


Failing that, they get hit with a 100m EURO fine or 5% of global turnover - whichever is highest.

So if you're working in a firm that holds any Personal Identifiable Information (or PII) and you're in IT, you'll probably start to get pushed on what data the company holds in all its storage and applications.

If the shit hits the fan, depending where you are in the food chain, make sure your ass is protected!

Nuke icon as you'll probably feel like throwing a naked flame on it all like a good BOFH! :)


Biting the hand that feeds IT © 1998–2020